על אודות
Experienced Infrastructure Architect specializing in Software Architecture (Java, Web and…
פעילות
393 עוקבים
-
Avishay Halpren שיתף את זהI’m excited to share that we've launched JFrog Snippet Detection! 🐸 The way developers consume code has changed, but most #security tooling hasn't kept up. Snippets come from everywhere now like #AI assistants, #GitHub, Stack Overflow, and most pipelines have zero visibility into what those snippets carry with them. Binary-level detection with real #developer context. More than just a flag, it shows “the why” behind it and what to do next. If your team is leaning into AI-assisted development, this is the safety net your pipeline has been missing. Learn more: https://gag.gl/GQGdM2 #DevSecOps #SoftwareSupplyChain
-
Avishay Halpren שיתף את זהAvishay Halpren שיתף את זהThe Bitwarden CLI was briefly compromised via a cascading supply chain attack. Malware slipped in through a hijacked GitHub Action and reached developers' most sensitive secrets before anyone noticed. 🔐 This is what modern #softwaresupplychain attacks look like. Read the breakdown: https://bit.ly/3QzGE7U #Cybersecurity #SoftwareSupplyChain #AppSec #BitwardenBitwarden CLI Compromised in Ongoing Checkmarx Supply Chain CampaignBitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
-
Avishay Halpren שיתף את זהAvishay Halpren שיתף את זהAttackers just turned #HuggingFace into a malware delivery network and a place to dump your stolen credentials. A rogue #npm package called js-logger-pack looked harmless on install, but then quietly deployed a cross-platform implant that used Hugging Face's own infrastructure to store exfiltrated data. This is the new playbook: abuse trusted platforms to hide in plain sight. Read the full breakdown: https://bit.ly/4cAwlsO #CyberSecurity #SupplyChainAttack #AppSecMalicious npm Package Turns Hugging Face Into Malware CDN and Exfiltration BackendMalicious npm Package Turns Hugging Face Into Malware CDN and Exfiltration Backend
-
Avishay Halpren שיתף את זהAvishay Halpren שיתף את זה⏰ Early bird pricing for #swampUP in New York ends this Thursday, April 30th! ⏰ If you've been on the fence, this is your sign to move: https://swampup.jfrog.com/ Meet the frogs and industry innovators in New York City for three days of keynotes, hands-on training, and real conversations about what it actually takes to build, secure, and ship software in the #AI era. 🗽 #DevOps #DevSecOps #SoftwareSupplyChain
-
Avishay Halpren שיתף את זהAvishay Halpren שיתף את זהYour automated pipelines are a feature, but for attackers, they're an opportunity. A new wave of software library attacks hit #npm and #PyPI packages in the last week, silently merging malware into #dev environments in minutes. The Bitwarden CLI compromise alone reaches 70K downloads a week. Get the full breakdown: https://bit.ly/4mU2EGs #CyberSecurity #SupplyChainAttack #AppSec #OpenSource
-
Avishay Halpren שיתף את זהAvishay Halpren שיתף את זהWe partnered with Carahsoft in our latest blog to explore how Public Sector teams can lock down the software supply chain with automated SBOMs, binary-level security, and end-to-end #DevSecOps. The #SoftwareSupplyChain threat has evolved and attackers aren't just targeting agencies anymore. They're poisoning upstream open source libraries used by thousands of government organizations at once. Learn what steps you can take today: https://bit.ly/4d9oXVt #PublicSector #SBOM #CyberSecurity #FedGov
-
Avishay Halpren שיתף את זהAvishay Halpren שיתף את זה🕵 Principal #DevOps & Automation Engineer Bill Goodrich didn't just read the research on #SoftwareSupplyChain security. He's living it operationalizing #DevSecOps across 30+ projects and multiple continents at VIAVI Solutions. 🤝 And he's joining us on May 6 for a fireside chat on exactly how they did it: the decisions, the trade-offs, the moments where the old approach stopped working. If your team is managing distributed infrastructure, navigating compliance requirements like #ITAR, or just trying to make #security reviews stop being the bottleneck, then Bill's story maps directly to your reality. Tag a colleague who needs to hear this. Then register: https://bit.ly/4cn01th
-
Avishay Halpren פרסם/פרסמה את זה מחדשAvishay Halpren פרסם/פרסמה את זה מחדש"The code is getting cleaner (woo hoo). The supply chain is getting faster. Those two things are not the same problem." Last week was another exciting week in tech – a smart announcement from Anthropic on a Friday afternoon (nice move on timing) and developers, vendors, buyers and investors alike went into a whirlwind of crazy. If you didn’t catch it Anthropic announced the availability of a new capability in beta that essentially identifies code level “security vulnerabilities and suggests targeted software patches for human review” (good news I say). So many posts over the weekend focused on the reaction of the investor community (which was let’s say “interesting”, remember I’m British) and what this means for product X and Y, but that’s not what was most interesting to me. More interesting is that Anthropic just helped shine a MASSIVE light on how much traditional one-dimensional security approaches really are. That's where we all need to focus - on what's good enough? If AI is creating the code and checking the code, how do we check the AI? If we believe we have “clean” code, where has the risk shifted and how do we secure against that? Will we be collectively congratulating ourselves on building the world's most secure front door while leaving the loading dock wide open? Check out the current discussion happening with JFrog co-founder Yoav Landman (link in comments). #AI #AIsecurity #anthropic #SAST
-
Avishay Halpren פרסם/פרסמה את זה מחדשRead JFrog CMO Genfa Murphy’s take on how relying solely on #AI for code security – when it’s often the same AI that builds the code – is akin to adding an extra deadbolt on your front door, while leaving your back door wide open…Join the conversation #DevSecOps #security #softwaresupplychainAvishay Halpren פרסם/פרסמה את זה מחדש"The code is getting cleaner (woo hoo). The supply chain is getting faster. Those two things are not the same problem." Last week was another exciting week in tech – a smart announcement from Anthropic on a Friday afternoon (nice move on timing) and developers, vendors, buyers and investors alike went into a whirlwind of crazy. If you didn’t catch it Anthropic announced the availability of a new capability in beta that essentially identifies code level “security vulnerabilities and suggests targeted software patches for human review” (good news I say). So many posts over the weekend focused on the reaction of the investor community (which was let’s say “interesting”, remember I’m British) and what this means for product X and Y, but that’s not what was most interesting to me. More interesting is that Anthropic just helped shine a MASSIVE light on how much traditional one-dimensional security approaches really are. That's where we all need to focus - on what's good enough? If AI is creating the code and checking the code, how do we check the AI? If we believe we have “clean” code, where has the risk shifted and how do we secure against that? Will we be collectively congratulating ourselves on building the world's most secure front door while leaving the loading dock wide open? Check out the current discussion happening with JFrog co-founder Yoav Landman (link in comments). #AI #AIsecurity #anthropic #SAST
-
Avishay Halpren אהבתי את זהAvishay Halpren אהבתי את זהSi un agente de IA puede ejecutarlo, tú deberías poder gobernarlo. 🛡️ Hoy estamos muy contentos de anunciar el Registro JFrog MCP, el sistema de registro para la #CadenaDeSuministroDeSoftware impulsada por IA y en agentes. Al tratar los servidores #MCP como artefactos de software, estamos permitiendo que los equipos de plataforma bloqueen de forma proactiva las herramientas maliciosas antes de que ingresen a la organización, sin ralentizar la velocidad de innovación. 🚀 Lee el comunicado de prensa completo aquí: https://lnkd.in/dgC7xVS4 #IAGenerativa #DevSecOps #IA #SistemaDeRegistro #ÚnicaFuenteDeVerdadJFrog presenta el Registro MCP Universal, entregando un sistema de registro seguro para la cadena de suministro de software impulsada por IAJFrog presenta el Registro MCP Universal, entregando un sistema de registro seguro para la cadena de suministro de software impulsada por IA
-
Avishay Halpren אהבתי את זהAvishay Halpren אהבתי את זהEstamos muy contentos de asociarnos con NVIDIA y de que nuestro nuevo JFrog Agent Skills Registry sea una tecnología de adopción temprana para NVIDIA #NemoClaw. 🤝 Juntos estamos proporcionando una capa de confianza verificable para el software impulsado por IA, ayudando a las empresas a escalar sus equipos de agentes con #gobernanza integrada, brindando total confianza y cero fricción. #IA #CadenaDeSupministroSoftware #DevGovOps #DevSecOps #Seguridad #GTCJFrog ofrece una capa de confianza para el software basado en IA junto con NVIDIAJFrog ofrece una capa de confianza para el software basado en IA junto con NVIDIA
-
Avishay Halpren אהבתי את זהAvishay Halpren אהבתי את זה#Los agentes de IA están escribiendo tu código, ¿pero están verificando que las dependencias sean seguras? 📣 Aquí están las GRANDES NOTICIAS que lo harán más fácil: La Plataforma JFrog ya está en el marketplace de Cursor, llevando seguridad en tiempo real de la cadena de suministro a más de 1 millón de desarrolladores, directamente en su IDE nativo de IA. Escanea CVEs. Aplica políticas. Sin cambiar de contexto. Pruébalo hoy en el marketplace de Cursor. Más información: https://lnkd.in/djch4yUt #CadenaDeSupministroSoftware #DevSecOps #AgentesIA #CursorJFrog lleva la seguridad empresarial de la cadena de suministro de software a CursorJFrog lleva la seguridad empresarial de la cadena de suministro de software a Cursor
-
Avishay Halpren אהבתי את זהAvishay Halpren אהבתי את זהSe um agente de IA pode executar, você deve ser capaz de governar. 🛡️ Hoje, estamos muito felizes em anunciar o JFrog MCP Registry, o sistema de registro para a #CadeiaDeSuprimentosSoftware impulsionada por IA e agentes. Ao tratar servidores #MCP como artefatos de software, estamos permitindo que as equipes de plataforma bloqueiem proativamente ferramentas maliciosas antes que elas entrem na organização, sem desacelerar a velocidade de inovação. Saber mais: https://lnkd.in/dwyHFNvg #IAGenerativa #DevSecOps #IA #SistemaDeRegistro #ÚnicaFonteDaVerdadeJFrog apresenta o Registro MCP Universal, entregando um sistema de registro seguro para a cadeia de suprimentos de software impulsionada por IAJFrog apresenta o Registro MCP Universal, entregando um sistema de registro seguro para a cadeia de suprimentos de software impulsionada por IA
-
Avishay Halpren אהבתי את זהAvishay Halpren אהבתי את זה#Agentes de IA estão escrevendo o seu código, mas estão verificando se as dependências são seguras? 📣 Aqui está a GRANDE NOVIDADE que vai facilitar tudo: A Plataforma JFrog já está no marketplace do Cursor — levando segurança em tempo real da cadeia de suprimentos para mais de 1 milhão de desenvolvedores, direto no seu IDE nativo de IA. Escaneie CVEs. Aplique políticas. Sem troca de contexto. Experimente hoje no marketplace do Cursor. Saiba mais: https://lnkd.in/djch4yUt #CadeiaDeSuprimentosSoftware #DevSecOps #AgentesIA #CursorJFrog traz segurança empresarial da cadeia de suprimentos de software para o CursorJFrog traz segurança empresarial da cadeia de suprimentos de software para o Cursor
-
Avishay Halpren אהבתי את זהAvishay Halpren אהבתי את זה🚨 Security Alert: New analysis of the js-logger-pack #npm malware reveals a major shift — attackers are now using #HuggingFace as both a malware CDN and a direct exfiltration backend. 🔗 Full breakdown: https://bit.ly/4mJ0rxz Instead of a traditional C2 server, stolen data — keystrokes, files, credentials — is uploaded directly to private Hugging Face datasets, letting malicious traffic blend in with legitimate AI platform activity. And it gets weirder: the attacker is planting false metadata to impersonate a real exec (Josh Stevens, VP at Polymarket) to cover their tracks.js-logger-pack Operator Turns Hugging Face into a Malware CDN and Exfiltration Backendjs-logger-pack Operator Turns Hugging Face into a Malware CDN and Exfiltration Backend
-
Avishay Halpren אהבתי את זהAvishay Halpren אהבתי את זה🐸 A cadeia de suprimentos de software agora é sobre gerenciar inteligência e acabamos de apresentar 9 novas inovações projetadas para estabelecer a JFrog como a camada de confiança para a fronteira agêntica! 4️⃣ Quatro inovações estabelecem os controles de hashtag#governança, hashtag#conformidade e hashtag#segurança necessários para implantar agentes com confiança, incluindo os Registros de MCP e Habilidades de Agentes, o plugin da JFrog para hashtag#Cursor e política-como-código. 5️⃣ Cinco inovações que garantirão que a plataforma JFrog escale de forma limpa em equipes distribuídas, como JFrog Curation Federation, atualizações de federação de repositórios, retenção inteligente, suporte a hashtag#Nix e disponibilidade premium de 99,99%. O binário é a fonte da verdade. Garantimos que ele carregue sua própria prova. 🔗 Veja o resumo completo aqui: https://lnkd.in/gYd55TG4 #DevOps #DevSecOps #IA #CadeiaDeSuprimentosSoftware #IAAgêntica
ניסיון
-
-
-
-
-
-
-
-
-
-
-
פרופילים דומים אחרים
גלה פוסטים נוספים
-
Who Got Funded Israel
Novee Security raises $51.5M in Seed and Series A. Led by YL Ventures, with participation from Canaan Partners and investor oren zeev through Zeev Ventures., marking one of the largest early-stage rounds in Israeli cybersecurity. Novee is building an AI-powered penetration testing platform that continuously simulates real attackers, helping security teams identify and prioritize real exploit paths in fast-changing environments. Founded by Ido Geffen, Gon Chalamish, and Omer Ninburg, the team combines deep offensive security, R&D leadership, and large-scale cybersecurity experience to rethink how organizations test and defend their systems. Follow Who Got Funded Israel for more startup funding updates.
3 תגובות -
Breeze Security
"𝗪𝗲 𝘁𝗵𝗼𝘂𝗴𝗵𝘁 𝘄𝗲 𝗵𝗮𝗱 𝘃𝗶𝘀𝗶𝗯𝗶𝗹𝗶𝘁𝘆." Tamir Ronen CISO at HiBob, runs security for a cloud-native HR platform managing employee lifecycles globally. His team had tools for cloud security, SaaS monitoring, endpoint protection. But they didn't have a way to see how those tools connected. Each system showed individual risks yet none of them showed how those risks chained together into exploitable attack paths. Within hours of deploying Breeze, Tamir's team found their first connected risk: three low-severity misconfigurations that, when combined, created a path to critical employee data. "One of the first findings we resolved was a set of low-risk misconfigurations that, when combined, formed a potential attack path, clearly demonstrating the value of Breeze." That's the gap most security teams have. Not missing individual findings, but missing how those findings can connect across your entire integration chain. Watch the full video to hear how Tamir's team shifted from managing alerts to disrupting attack paths.
13 תגובות -
Johnny Hashoul
Next time you ‘Vibe Code’: (🤫 whispering) Be aware that you aren’t in control of your system, so don’t ever never call it production-ready code, capiche? TL;DR: Wiz Research discovered a critical authentication flaw in the Base44 ‘Vibe Coding’ platform: Attackers could register verified accounts on private apps using only the app_id publicly exposed in app URLs and manifest files bypassing any proper access controls. 🥹
-
Elisa Horowitz
Just finished watching a super insightful conversation with Michael Grinker and Michal Porat — and if you’re even a little curious about where AI + customer service is heading, this is one you’ll want to check out. 🤖✨ Both of them are absolute superheroes in their field, and it really shows in the way they break things down. What I can share (without spoiling too much 😉): AI is taking on far more than most people realize… but somehow, the human role becomes even more meaningful. And the way they explain when AI should step in and when a human absolutely must — 🔥. Clear, practical, and very real. There’s also one example in the video that really made me pause — huge implications for efficiency and customer expectations. 👀 Let’s just say: the future of service is going to feel very different. If you’re exploring how to balance speed ⚡ with empathy ❤️ in your customer experience strategy, this video is definitely worth your time: 👉 https://lnkd.in/eADWw3ep #AI #CustomerExperience #DigitalTransformation #Leadership #Innovation #FutureOfWork
3 תגובות -
CloudZone
“𝗪𝗲 𝗰𝘂𝘁 𝗼𝘂𝗿 𝗰𝗹𝗼𝘂𝗱 𝘀𝗽𝗲𝗻𝗱 𝗯𝘆 𝟮𝟱% 𝗶𝗻 𝘁𝗵𝗲 𝘃𝗲𝗿𝘆 𝗳𝗶𝗿𝘀𝘁 𝗺𝗼𝗻𝘁𝗵.” These words come directly from Ofer LaOr, VP Engineering, and Avishay Cohen , Co-founder & CEO at Anima. Anima is a fast-growing tech company serving over 1.5M users. They faced a challenge: rapidly rising cloud costs and the need to scale quickly, all while keeping their team focused on building and innovating. That’s where CloudZone’s Max Squad stepped in. A dedicated team of a Customer Success Manager, Solutions Architect, and FinOps Expert, working side-by-side with Anima to cut waste, streamline operations, and always stay three steps ahead. In just one month, Anima reduced cloud spend by 25%, scaled seamlessly to handle 20× growth in LLM demand, and freed up its engineers to focus on its product and users. 𝗪𝗮𝘁𝗰𝗵 𝗵𝗼𝘄 𝗶𝗻𝗻𝗼𝘃𝗮𝘁𝗶𝗼𝗻, 𝘁𝗲𝗮𝗺𝘄𝗼𝗿𝗸, 𝗮𝗻𝗱 𝗮 𝗯𝗶𝘁 𝗼𝗳 𝗵𝘂𝗺𝗼𝗿 𝗰𝗼𝗺𝗲 𝘁𝗼𝗴𝗲𝘁𝗵𝗲𝗿 𝗶𝗻 𝘁𝗵𝗲𝗶𝗿 𝘀𝘁𝗼𝗿𝘆.
4 תגובות -
CyberBytes
In today's BlackHat edition of CyberBytes we sat down with Kfir Gollan – CTO & Co-Founder of CeTu – to hear how he went from: 💻 Writing code at Wix as a teenager... 🎖️ Serving in the IDF’s cyber defense unit... ➡️ To now co-founding CeTu, a company rethinking how security teams make sense of the overwhelming flood of data in the GenAI era. In this episode, Kofir shares: ✨ Why face-to-face conversations still beat Zoom for building trust. ✨ How CeTu is tackling the scale and complexity of modern security data. ✨ What it’s like to launch a startup as a first-time founder With customers already onboard and demand outpacing supply, CeTu is one to watch. Listen now: 🎥 YouTube: https://lnkd.in/e6_d29vV 🎧 Spotify: https://lnkd.in/eNRaEriD #CyberBytesPodcast #BlackHat2025 #Cybersecurity #GenAI #DataOrchestration #Startups Ben GascoigneCeTuKfir GollanNina KorfiasMarketbridge
2 תגובות -
Traded: Venture Capital
Torq, the Israeli-American AI security operations startup founded in 2020 by Ofer Smadari, Leonid Belkind, and Eldad Livni, raised $140 million in a Series D round led by Merlin Ventures, pushing its valuation to $1.2 billion and total funding to $332 million. The company plans to use the capital to expand adoption of its self-service AI SOC Platform across Fortune 500 enterprises and into U.S. federal and public sector markets, building on strong growth driven by widespread deployment of its AI Agents for investigation and response in security operations centers. FOUNDERS: Ofer Smadari, Leonid Belkind & Eldad Livni INVESTORS: Merlin Ventures, Evolution Equity Partners, Notable Capital, Bessemer Venture Partners, Insight Ventures Partners &Greenfield Partners ROUND: Series D AMOUNT: $140,000,000 VALUATION: $1,200,000,000 HQ: #TelAviv #Israel #VentureCapital #Torq #OferSmadari #LeonidBelkind #EldadLivni #MerlinVentures #EvolutionEquityPartners #NotableCapital #BessemerVenturePartners #InsightVenturesPartners #GreenfieldPartners #TradedVC
1 תגובה